160727d8bSWarner Losh /*- 208ecce74SRobert Watson * Copyright (c) 2002, 2003, 2004, 2005 Jeffrey Roberson <jeff@FreeBSD.org> 308ecce74SRobert Watson * Copyright (c) 2004, 2005 Bosko Milekic <bmilekic@FreeBSD.org> 408ecce74SRobert Watson * All rights reserved. 58efc4effSJeff Roberson * 68efc4effSJeff Roberson * Redistribution and use in source and binary forms, with or without 78efc4effSJeff Roberson * modification, are permitted provided that the following conditions 88efc4effSJeff Roberson * are met: 98efc4effSJeff Roberson * 1. Redistributions of source code must retain the above copyright 108efc4effSJeff Roberson * notice unmodified, this list of conditions, and the following 118efc4effSJeff Roberson * disclaimer. 128efc4effSJeff Roberson * 2. Redistributions in binary form must reproduce the above copyright 138efc4effSJeff Roberson * notice, this list of conditions and the following disclaimer in the 148efc4effSJeff Roberson * documentation and/or other materials provided with the distribution. 158efc4effSJeff Roberson * 168efc4effSJeff Roberson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 178efc4effSJeff Roberson * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 188efc4effSJeff Roberson * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 198efc4effSJeff Roberson * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 208efc4effSJeff Roberson * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 218efc4effSJeff Roberson * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 228efc4effSJeff Roberson * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 238efc4effSJeff Roberson * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 248efc4effSJeff Roberson * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 258efc4effSJeff Roberson * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 268efc4effSJeff Roberson */ 278efc4effSJeff Roberson 288efc4effSJeff Roberson /* 298efc4effSJeff Roberson * uma_dbg.c Debugging features for UMA users 308efc4effSJeff Roberson * 318efc4effSJeff Roberson */ 328efc4effSJeff Roberson 33874651b1SDavid E. O'Brien #include <sys/cdefs.h> 34874651b1SDavid E. O'Brien __FBSDID("$FreeBSD$"); 358efc4effSJeff Roberson 368efc4effSJeff Roberson #include <sys/param.h> 378efc4effSJeff Roberson #include <sys/systm.h> 388efc4effSJeff Roberson #include <sys/kernel.h> 398efc4effSJeff Roberson #include <sys/types.h> 408efc4effSJeff Roberson #include <sys/queue.h> 418efc4effSJeff Roberson #include <sys/lock.h> 428efc4effSJeff Roberson #include <sys/mutex.h> 438f70816cSJeff Roberson #include <sys/malloc.h> 448efc4effSJeff Roberson 4599571dc3SJeff Roberson #include <vm/vm.h> 4699571dc3SJeff Roberson #include <vm/vm_object.h> 4799571dc3SJeff Roberson #include <vm/vm_page.h> 488efc4effSJeff Roberson #include <vm/uma.h> 498efc4effSJeff Roberson #include <vm/uma_int.h> 508efc4effSJeff Roberson #include <vm/uma_dbg.h> 518efc4effSJeff Roberson 528efc4effSJeff Roberson static const u_int32_t uma_junk = 0xdeadc0de; 538efc4effSJeff Roberson 548efc4effSJeff Roberson /* 55b23f72e9SBrian Feldman * Checks an item to make sure it hasn't been overwritten since it was freed, 56b23f72e9SBrian Feldman * prior to subsequent reallocation. 578efc4effSJeff Roberson * 588efc4effSJeff Roberson * Complies with standard ctor arg/return 598efc4effSJeff Roberson * 608efc4effSJeff Roberson */ 61b23f72e9SBrian Feldman int 62b23f72e9SBrian Feldman trash_ctor(void *mem, int size, void *arg, int flags) 638efc4effSJeff Roberson { 648efc4effSJeff Roberson int cnt; 658efc4effSJeff Roberson u_int32_t *p; 668efc4effSJeff Roberson 678efc4effSJeff Roberson cnt = size / sizeof(uma_junk); 688efc4effSJeff Roberson 698efc4effSJeff Roberson for (p = mem; cnt > 0; cnt--, p++) 70cb6e5c1aSMike Silbersack if (*p != uma_junk) { 71cb6e5c1aSMike Silbersack printf("Memory modified after free %p(%d) val=%x @ %p\n", 72e0f86251SPoul-Henning Kamp mem, size, *p, p); 73b23f72e9SBrian Feldman return (0); 748efc4effSJeff Roberson } 75cb6e5c1aSMike Silbersack return (0); 76cb6e5c1aSMike Silbersack } 778efc4effSJeff Roberson 788efc4effSJeff Roberson /* 798efc4effSJeff Roberson * Fills an item with predictable garbage 808efc4effSJeff Roberson * 818efc4effSJeff Roberson * Complies with standard dtor arg/return 828efc4effSJeff Roberson * 838efc4effSJeff Roberson */ 848efc4effSJeff Roberson void 858efc4effSJeff Roberson trash_dtor(void *mem, int size, void *arg) 868efc4effSJeff Roberson { 878efc4effSJeff Roberson int cnt; 888efc4effSJeff Roberson u_int32_t *p; 898efc4effSJeff Roberson 908efc4effSJeff Roberson cnt = size / sizeof(uma_junk); 918efc4effSJeff Roberson 928efc4effSJeff Roberson for (p = mem; cnt > 0; cnt--, p++) 938efc4effSJeff Roberson *p = uma_junk; 948efc4effSJeff Roberson } 958efc4effSJeff Roberson 968efc4effSJeff Roberson /* 978efc4effSJeff Roberson * Fills an item with predictable garbage 988efc4effSJeff Roberson * 998efc4effSJeff Roberson * Complies with standard init arg/return 1008efc4effSJeff Roberson * 1018efc4effSJeff Roberson */ 102b23f72e9SBrian Feldman int 103b23f72e9SBrian Feldman trash_init(void *mem, int size, int flags) 1048efc4effSJeff Roberson { 1058efc4effSJeff Roberson trash_dtor(mem, size, NULL); 106b23f72e9SBrian Feldman return (0); 1078efc4effSJeff Roberson } 1088efc4effSJeff Roberson 1098efc4effSJeff Roberson /* 1108efc4effSJeff Roberson * Checks an item to make sure it hasn't been overwritten since it was freed. 1118efc4effSJeff Roberson * 1128efc4effSJeff Roberson * Complies with standard fini arg/return 1138efc4effSJeff Roberson * 1148efc4effSJeff Roberson */ 1158efc4effSJeff Roberson void 1168efc4effSJeff Roberson trash_fini(void *mem, int size) 1178efc4effSJeff Roberson { 118b23f72e9SBrian Feldman (void)trash_ctor(mem, size, NULL, 0); 1198efc4effSJeff Roberson } 120639c9550SJeff Roberson 121b23f72e9SBrian Feldman int 122b23f72e9SBrian Feldman mtrash_ctor(void *mem, int size, void *arg, int flags) 1238f70816cSJeff Roberson { 1248f70816cSJeff Roberson struct malloc_type **ksp; 1258f70816cSJeff Roberson u_int32_t *p = mem; 1268f70816cSJeff Roberson int cnt; 1278f70816cSJeff Roberson 1288f70816cSJeff Roberson size -= sizeof(struct malloc_type *); 1298f70816cSJeff Roberson ksp = (struct malloc_type **)mem; 1308f70816cSJeff Roberson ksp += size / sizeof(struct malloc_type *); 1318f70816cSJeff Roberson cnt = size / sizeof(uma_junk); 1328f70816cSJeff Roberson 1338f70816cSJeff Roberson for (p = mem; cnt > 0; cnt--, p++) 1348f70816cSJeff Roberson if (*p != uma_junk) { 135e0f86251SPoul-Henning Kamp printf("Memory modified after free %p(%d) val=%x @ %p\n", 136e0f86251SPoul-Henning Kamp mem, size, *p, p); 1378f70816cSJeff Roberson panic("Most recently used by %s\n", (*ksp == NULL)? 1388f70816cSJeff Roberson "none" : (*ksp)->ks_shortdesc); 1398f70816cSJeff Roberson } 140b23f72e9SBrian Feldman return (0); 1418f70816cSJeff Roberson } 1428f70816cSJeff Roberson 1438f70816cSJeff Roberson /* 1448f70816cSJeff Roberson * Fills an item with predictable garbage 1458f70816cSJeff Roberson * 1468f70816cSJeff Roberson * Complies with standard dtor arg/return 1478f70816cSJeff Roberson * 1488f70816cSJeff Roberson */ 1498f70816cSJeff Roberson void 1508f70816cSJeff Roberson mtrash_dtor(void *mem, int size, void *arg) 1518f70816cSJeff Roberson { 1528f70816cSJeff Roberson int cnt; 1538f70816cSJeff Roberson u_int32_t *p; 1548f70816cSJeff Roberson 1558f70816cSJeff Roberson size -= sizeof(struct malloc_type *); 1568f70816cSJeff Roberson cnt = size / sizeof(uma_junk); 1578f70816cSJeff Roberson 1588f70816cSJeff Roberson for (p = mem; cnt > 0; cnt--, p++) 1598f70816cSJeff Roberson *p = uma_junk; 1608f70816cSJeff Roberson } 1618f70816cSJeff Roberson 1628f70816cSJeff Roberson /* 1638f70816cSJeff Roberson * Fills an item with predictable garbage 1648f70816cSJeff Roberson * 1658f70816cSJeff Roberson * Complies with standard init arg/return 1668f70816cSJeff Roberson * 1678f70816cSJeff Roberson */ 168b23f72e9SBrian Feldman int 169b23f72e9SBrian Feldman mtrash_init(void *mem, int size, int flags) 1708f70816cSJeff Roberson { 1718f70816cSJeff Roberson struct malloc_type **ksp; 1728f70816cSJeff Roberson 1738f70816cSJeff Roberson mtrash_dtor(mem, size, NULL); 1748f70816cSJeff Roberson 1758f70816cSJeff Roberson ksp = (struct malloc_type **)mem; 1768f70816cSJeff Roberson ksp += (size / sizeof(struct malloc_type *)) - 1; 1778f70816cSJeff Roberson *ksp = NULL; 178b23f72e9SBrian Feldman return (0); 1798f70816cSJeff Roberson } 1808f70816cSJeff Roberson 1818f70816cSJeff Roberson /* 182b23f72e9SBrian Feldman * Checks an item to make sure it hasn't been overwritten since it was freed, 183b23f72e9SBrian Feldman * prior to freeing it back to available memory. 1848f70816cSJeff Roberson * 1858f70816cSJeff Roberson * Complies with standard fini arg/return 1868f70816cSJeff Roberson * 1878f70816cSJeff Roberson */ 1888f70816cSJeff Roberson void 1898f70816cSJeff Roberson mtrash_fini(void *mem, int size) 1908f70816cSJeff Roberson { 191b23f72e9SBrian Feldman (void)mtrash_ctor(mem, size, NULL, 0); 1928f70816cSJeff Roberson } 1938f70816cSJeff Roberson 194639c9550SJeff Roberson static uma_slab_t 195639c9550SJeff Roberson uma_dbg_getslab(uma_zone_t zone, void *item) 196639c9550SJeff Roberson { 197639c9550SJeff Roberson uma_slab_t slab; 198099a0e58SBosko Milekic uma_keg_t keg; 199639c9550SJeff Roberson u_int8_t *mem; 200639c9550SJeff Roberson 201099a0e58SBosko Milekic keg = zone->uz_keg; 202639c9550SJeff Roberson mem = (u_int8_t *)((unsigned long)item & (~UMA_SLAB_MASK)); 203099a0e58SBosko Milekic if (keg->uk_flags & UMA_ZONE_MALLOC) { 20499571dc3SJeff Roberson slab = vtoslab((vm_offset_t)mem); 205099a0e58SBosko Milekic } else if (keg->uk_flags & UMA_ZONE_HASH) { 206099a0e58SBosko Milekic slab = hash_sfind(&keg->uk_hash, mem); 207639c9550SJeff Roberson } else { 208099a0e58SBosko Milekic mem += keg->uk_pgoff; 209639c9550SJeff Roberson slab = (uma_slab_t)mem; 210639c9550SJeff Roberson } 211639c9550SJeff Roberson 212639c9550SJeff Roberson return (slab); 213639c9550SJeff Roberson } 214639c9550SJeff Roberson 215639c9550SJeff Roberson /* 216639c9550SJeff Roberson * Set up the slab's freei data such that uma_dbg_free can function. 217639c9550SJeff Roberson * 218639c9550SJeff Roberson */ 219639c9550SJeff Roberson 220639c9550SJeff Roberson void 221639c9550SJeff Roberson uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab, void *item) 222639c9550SJeff Roberson { 223099a0e58SBosko Milekic uma_keg_t keg; 224ab14a3f7SBrian Feldman uma_slabrefcnt_t slabref; 225639c9550SJeff Roberson int freei; 226639c9550SJeff Roberson 227099a0e58SBosko Milekic keg = zone->uz_keg; 228639c9550SJeff Roberson if (slab == NULL) { 229639c9550SJeff Roberson slab = uma_dbg_getslab(zone, item); 230639c9550SJeff Roberson if (slab == NULL) 231639c9550SJeff Roberson panic("uma: item %p did not belong to zone %s\n", 232639c9550SJeff Roberson item, zone->uz_name); 233639c9550SJeff Roberson } 234639c9550SJeff Roberson 235639c9550SJeff Roberson freei = ((unsigned long)item - (unsigned long)slab->us_data) 236099a0e58SBosko Milekic / keg->uk_rsize; 237639c9550SJeff Roberson 238ab14a3f7SBrian Feldman if (keg->uk_flags & UMA_ZONE_REFCNT) { 239ab14a3f7SBrian Feldman slabref = (uma_slabrefcnt_t)slab; 240ab14a3f7SBrian Feldman slabref->us_freelist[freei].us_item = 255; 241ab14a3f7SBrian Feldman } else { 242099a0e58SBosko Milekic slab->us_freelist[freei].us_item = 255; 243ab14a3f7SBrian Feldman } 244639c9550SJeff Roberson 245639c9550SJeff Roberson return; 246639c9550SJeff Roberson } 247639c9550SJeff Roberson 248639c9550SJeff Roberson /* 249639c9550SJeff Roberson * Verifies freed addresses. Checks for alignment, valid slab membership 250639c9550SJeff Roberson * and duplicate frees. 251639c9550SJeff Roberson * 252639c9550SJeff Roberson */ 253639c9550SJeff Roberson 254639c9550SJeff Roberson void 255639c9550SJeff Roberson uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void *item) 256639c9550SJeff Roberson { 257099a0e58SBosko Milekic uma_keg_t keg; 258ab14a3f7SBrian Feldman uma_slabrefcnt_t slabref; 259639c9550SJeff Roberson int freei; 260639c9550SJeff Roberson 261099a0e58SBosko Milekic keg = zone->uz_keg; 262639c9550SJeff Roberson if (slab == NULL) { 263639c9550SJeff Roberson slab = uma_dbg_getslab(zone, item); 264639c9550SJeff Roberson if (slab == NULL) 265639c9550SJeff Roberson panic("uma: Freed item %p did not belong to zone %s\n", 266639c9550SJeff Roberson item, zone->uz_name); 267639c9550SJeff Roberson } 268639c9550SJeff Roberson 269639c9550SJeff Roberson freei = ((unsigned long)item - (unsigned long)slab->us_data) 270099a0e58SBosko Milekic / keg->uk_rsize; 271639c9550SJeff Roberson 272099a0e58SBosko Milekic if (freei >= keg->uk_ipers) 2737550be9cSPeter Wemm panic("zone: %s(%p) slab %p freelist %d out of range 0-%d\n", 274099a0e58SBosko Milekic zone->uz_name, zone, slab, freei, keg->uk_ipers-1); 275639c9550SJeff Roberson 276099a0e58SBosko Milekic if (((freei * keg->uk_rsize) + slab->us_data) != item) { 277639c9550SJeff Roberson printf("zone: %s(%p) slab %p freed address %p unaligned.\n", 278639c9550SJeff Roberson zone->uz_name, zone, slab, item); 279639c9550SJeff Roberson panic("should be %p\n", 280099a0e58SBosko Milekic (freei * keg->uk_rsize) + slab->us_data); 281639c9550SJeff Roberson } 282639c9550SJeff Roberson 283ab14a3f7SBrian Feldman if (keg->uk_flags & UMA_ZONE_REFCNT) { 284ab14a3f7SBrian Feldman slabref = (uma_slabrefcnt_t)slab; 285ab14a3f7SBrian Feldman if (slabref->us_freelist[freei].us_item != 255) { 286ab14a3f7SBrian Feldman printf("Slab at %p, freei %d = %d.\n", 287ab14a3f7SBrian Feldman slab, freei, slabref->us_freelist[freei].us_item); 288ab14a3f7SBrian Feldman panic("Duplicate free of item %p from zone %p(%s)\n", 289ab14a3f7SBrian Feldman item, zone, zone->uz_name); 290ab14a3f7SBrian Feldman } 291ab14a3f7SBrian Feldman 292ab14a3f7SBrian Feldman /* 293ab14a3f7SBrian Feldman * When this is actually linked into the slab this will change. 294ab14a3f7SBrian Feldman * Until then the count of valid slabs will make sure we don't 295ab14a3f7SBrian Feldman * accidentally follow this and assume it's a valid index. 296ab14a3f7SBrian Feldman */ 297ab14a3f7SBrian Feldman slabref->us_freelist[freei].us_item = 0; 298ab14a3f7SBrian Feldman } else { 299099a0e58SBosko Milekic if (slab->us_freelist[freei].us_item != 255) { 300639c9550SJeff Roberson printf("Slab at %p, freei %d = %d.\n", 301099a0e58SBosko Milekic slab, freei, slab->us_freelist[freei].us_item); 302639c9550SJeff Roberson panic("Duplicate free of item %p from zone %p(%s)\n", 303639c9550SJeff Roberson item, zone, zone->uz_name); 304639c9550SJeff Roberson } 305639c9550SJeff Roberson 306639c9550SJeff Roberson /* 307639c9550SJeff Roberson * When this is actually linked into the slab this will change. 308639c9550SJeff Roberson * Until then the count of valid slabs will make sure we don't 309639c9550SJeff Roberson * accidentally follow this and assume it's a valid index. 310639c9550SJeff Roberson */ 311099a0e58SBosko Milekic slab->us_freelist[freei].us_item = 0; 312639c9550SJeff Roberson } 313ab14a3f7SBrian Feldman } 314